turbot/azure_compliance

Control: Event Hub namespaces should use a customer-managed key for encryption

Description

Azure Event Hubs supports the option of encrypting data at rest with either Microsoft-managed keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed keys enables you to assign, rotate, disable, and revoke access to the keys that Event Hub will use to encrypt data in your namespace. Note that Event Hub only supports encryption with customer-managed keys for namespaces in dedicated clusters.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.eventhub_namespace_cmk_encryption_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.eventhub_namespace_cmk_encryption_enabled --share

SQL

This control uses a named query:

eventhub_namespace_cmk_encryption_enabled

Tags